# Integrate OpManager with FortiSIEM OpManager integrates with FortiSIEM, an SIEM integration option that enables unified analysis and correlation to detect threats and performance issues. Once integrated, OpManager forwards critical alerts, data and logs to FortiSIEM in real-time. This integration helps to improve your security operations by identifying potential threats and optimizing incident response. **Configuration in FortiSIEM** 1. [Steps to configure in FortiSIEM](#steps-to-configure-in-fortisiem) **Configuration in OpManager** 1. [Configure Audit and Access logs](#configure-audit-and-access-logs) 2. [Associate a Notification Profile](#associate-a-notification-profile) ## Configuration in FortiSIEM ### Steps to configure in FortiSIEM - Deploy the FortiSIEM Supervisor, then install the **collector node** to start gathering data. - Register the collector node to the supervisor. - Enable Syslog UDP input on the collector. - Allow **Port 514 (UDP)** on Collector OS to receive the logs. - Ensure to enable the UDP Syslog in FortiSIEM. - You can create custom parsers and apply other customizations if required. **Note:** 1. Refer to the [Fortinet document library](https://docs.fortinet.com) for Syslog UDP [host and port](https://docs.fortinet.com/document/fortisiem/7.4.0/external-systems-configuration-guide/824175/fortisiem-port-usage) configuration. 2. Ensure that 514 port or the specific port configured for receiving syslog is available and listening to the syslogs and not blocked in the firewall. ## Configuration in OpManager ### Configure Audit and Access logs - Go to **Settings → General Settings → Integrations → SIEM (UDP/Syslog) - Configuration**. - Enter the **SIEM Application Name** as **'FortiSIEM'**. - Specify the **Host** name of the collector node. - Mention the syslog listening port in the **Port** field. - Select **Send Access logs** or choose **Audit modules** from the dropdown. You can also select both together based on your requirements. - Click on Save. ![OpManager -FortiSIEM](https://www.manageengine.com/network-monitoring/help/images/fortisiem-1.png) ### Associate a Notification Profile Follow the steps below to configure notification profile for IBM QRadar - Go to **Settings → Notification Profile** and click **Add**. - Select **SIEM**, then choose **SIEM (UDP/Syslog)**. - Enter the required parameters, including Format, Severity, Facility, Description, and relevant Variables. - If required, enable structured message and provide the inputs in the required fields. - Click on **Test Action** to verify the profile configuration. ![OpManager -FortiSIEM](https://www.manageengine.com/network-monitoring/help/images/fortisiem-2.png) - Learn more about configuring [criteria](https://www.manageengine.com/network-monitoring/help/configuring-notifications.html#criteria-notifications), [devices](https://www.manageengine.com/network-monitoring/help/configuring-notifications.html#select-devices), and [time window](https://www.manageengine.com/network-monitoring/help/configuring-notifications.html#applying-time-window) in notification profiles [here](https://www.manageengine.com/network-monitoring/help/configuring-notifications.html?siem_integration_fortisiem). - Click on **Save**. ## Verifying the Integration After the integrating, you can check for the logs received from OpManager to FortiSIEM. [Know more about the integrations offered by OpManager](https://www.manageengine.com/za/network-monitoring/integration.html?siem_integration_fortisiem) [Know more about dynamic variables used in request body](https://www.manageengine.com/za/network-monitoring/help/workflow-variables.html?siem_integration_fortisiem)